logoalt Hacker News

thamzhacktoday at 7:40 PM0 repliesview on HN

I've reported bugs to google VRP and got paid. The main problem with this report is that the victim has to click a suspicious link which is similar to phishing through email. No bounty programs award bounty for phishing.

This is not to say this isn't a bug. The author has to find a way to escalate the impact. If they are able to achieve the same impact without user interaction the impact will be high enough for bounty.